package com.taobao.machinesystem.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import com.taobao.machinesystem.entity.SysPermission;
import com.taobao.machinesystem.mapper.SysPermissionMapper;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.context.annotation.Bean;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

@SpringBootConfiguration
public class ShiroConfiguration {

    @Autowired
    private SysPermissionMapper sysPermissionMapper;

    /**
     * 使用Shiro三大对象，配置下方的类
     * 创建realm对象 需要自定义类，上面我们已经定义了
     * DefaultWebSecurityManager
     * ShiroFilterFactoryBean
     */
    //创建 返回realm对象的方法 为我们刚刚定义的UserRealm
    @Bean(name = "userRealm")//被Spring托管
    public UserRealm userRealm() {
        return new UserRealm();
    }

    //创建DefaultWebSecurityManager 配置安全管理器
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联UserRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //创建ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);
        //添加Shiro的内置过滤器
        /**
         anon：无需认证就可以访问
         authc：必须认证才能访问，必须登录
         user：必须拥有 记住我功能 才能用
         perms： 拥有对某个资源的权限才能访问
         role：拥有某个角色权限才能访问
         */
        //拦截
        Map<String, String> filterMap = new LinkedHashMap<>();


        filterMap.put("/static/**","anon");
        filterMap.put("/js/**","anon");   // anon  Set as a public resource
        filterMap.put("/css/**","anon");   // anon  Set as a public resource
        filterMap.put("/bootstrap/**/**","anon");   // anon  Set as a public resource
        filterMap.put("/images/**","anon");   // anon  Set as a public resource
        filterMap.put("/layui/**","anon");   // anon  Set as a public resource
        filterMap.put("/login","anon");   // anon  Set as a public resource

        filterMap.put("/**","authc");
        //添加到shiro全部权限模型
        List<SysPermission> sysPermissions = sysPermissionMapper.selectList(null);
        //循环添加权限模型
        for (SysPermission sysPermission : sysPermissions) {
            if (sysPermission.getPid().equals("0")){
                continue;
            }
            filterMap.put(sysPermission.getPath(), "perms[" + sysPermission.getPermissionValue() + "]");
        }

        //将设置好的权限添加进去
        bean.setFilterChainDefinitionMap(filterMap);
        //如果没有权限 ，跳到设置未授权的页面
        bean.setUnauthorizedUrl("/noauth");
        //如果没有登录，跳转到指定的登录页面
        bean.setLoginUrl("/login");

        return bean;
    }

    @Bean
    //整合ShiroDialect：用户整合Shiro 和 thymeleaf
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}